Learn whether configuring subnet delegation makes a new subnet unreachable from an on-premises network that connects through Azure VPN Gateway with BGP, and which controls restrict that access instead.
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP).
A new subnet should be unreachable from the on-premises network.
You need to implement a solution.
Solution: Configure subnet delegation.
Does the solution meet the goal?
A. Yes
B. No
Answer
B. No
Explanation
Subnet delegation is used to grant explicit permissions to a service to create service-specific resources in the subnet. It does not control network access or reachability between on-premises and Azure networks.
To make a new subnet unreachable from the on-premises network, you should configure network security groups (NSGs) or use Azure Firewall to deny traffic from the on-premises IP ranges to the new subnet. Another option is to create a separate virtual network for the new subnet and not establish VPN connectivity between that virtual network and the on-premises network.
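The NSG option described above, as an added example that is not part of the original question: a simplified Python model of NSG inbound rule evaluation (lowest priority number first, first match wins). It shows that the default rules admit on-premises sources and that an explicit deny rule is what blocks them. The address ranges, the rule name `DenyOnPremInbound` and priority 100 are constructed assumptions; ports and protocols are not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed sample address spaces (assumptions, not from the page).
VNET = ip_network("10.1.0.0/16")
NEW_SUBNET = ip_network("10.1.5.0/24")
ON_PREM = [ip_network("192.168.0.0/16"), ip_network("172.16.0.0/12")]

# The VirtualNetwork service tag covers the VNet address space and the
# on-premises address spaces connected through the VPN gateway.
VIRTUAL_NETWORK_TAG = [VNET, *ON_PREM]

# Default inbound rules present in every NSG: (priority, name, sources, access).
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", VIRTUAL_NETWORK_TAG, "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", [ip_network("168.63.129.16/32")], "Allow"),
    (65500, "DenyAllInBound", [ip_network("0.0.0.0/0")], "Deny"),
]

# Hypothetical custom rule: deny the on-premises ranges ahead of the defaults.
DENY_ON_PREM = (100, "DenyOnPremInbound", ON_PREM, "Deny")


def evaluate(rules, src, dst):
    """Return (rule name, access) for the first rule whose source matches src."""
    if ip_address(dst) not in NEW_SUBNET:
        raise ValueError("destination is outside the subnet this NSG protects")
    for _priority, name, sources, access in sorted(rules, key=lambda r: r[0]):
        if any(ip_address(src) in net for net in sources):
            return name, access
    return None, "Deny"  # not reached while DenyAllInBound is present


def reachable_from_on_prem(rules, dst="10.1.5.4"):
    """List the on-premises ranges from which a probe address is still allowed."""
    allowed = []
    for net in ON_PREM:
        probe = str(net.network_address + 1)  # first host address in the range
        if evaluate(rules, probe, dst)[1] == "Allow":
            allowed.append(str(net))
    return allowed


if __name__ == "__main__":
    hardened = DEFAULT_RULES + [DENY_ON_PREM]
    print("defaults only :", reachable_from_on_prem(DEFAULT_RULES))
    print("with deny rule:", reachable_from_on_prem(hardened))
    print("other VNet subnet:", evaluate(hardened, "10.1.1.4", "10.1.5.4"))
```

The deny rule is scoped to the on-premises prefixes, so traffic from other subnets in the same virtual network is still matched by `AllowVnetInBound`.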
Practice question and answer (Q&A) with detailed explanation and reference for the Troubleshooting Microsoft Azure Connectivity (AZ-720) certification exam, available free to help you pass the exam and earn the certification.